BigONE Exchange Suffers Supply Chain Attack, Losses Exceed $27M

Crypto exchange BigONE has suffered a third-party attack on Wednesday, confirming estimated losses of $27 million. Attackers allegedly tweaked BigONE’s server logic via supply chain to withdraw funds.

Blockchain security platform SlowMist initially reported that BigONE’s production network was compromised. “The operating logic of account and risk control related servers was modified, enabling the attacker to withdraw funds,” the security firm wrote on X.

SlowMist TI Alert

The exchange @BigONEexchange was exploited due to a supply chain attack and loss exceeds $27 million. The production network was compromised, and the operating logic of account and risk control related servers was modified, enabling the attacker to withdraw… pic.twitter.com/GkxlNIUs6A

BigONE later confirmed the attack, assuring users that all private keys remain secure and user assets are safe. Further, BigONE has claimed that they’ll cover all losses.

“All user assets are safe. BigONE will fully bear all the losses. Trading and deposits will resume soon; withdrawals after added security upgrades,” the exchange noted.

BigONE is closely working with the SlowMist team to trace the hacker’s addresses and monitor fund movements, the exchange said in an official release.

The attackers exploited the supply chain vector, gaining access to BigONE’s production infrastructure, according to security firms.

As a result, the logic around risk management was tampered with, along with account operations, leading attackers to siphon funds exceeding $27 million.

The exploiter extracted around $4 million in ETH and multiple other tokens, according to CertiK Alert.

#CertiKInsight

We have seen multiple large token outflows from 0xd4dcd2459bb78d7a645aa7e196857d421b10d93f that are related to the latest BigONE security incident.

The exploiter now holds ~$4M in ETH and multiple other tokens (may not be liquidatable ) at… pic.twitter.com/qWM0rFfNbB

“The attacker is already moving funds swapping into TRX, BTC, ETH & SOL,” another security firm noted. According to Lookonchain data, the hacker quickly split and converted the funds, moving 120 Bitcoin worth $14.15 million, 23.316 million Tron tokens worth $7.01 million, 1,272 Ether worth $4 million and 2,625 Solana tokens worth $428K, across multiple addresses.

Additionally, the BigONE team noted that in order to handle losses and compensation, they have activated our internal security reserves, which include BTC, ETH, USDT, SOL, and XIN tokens.

“For other affected mainstream and non-mainstream tokens, we are actively securing external liquidity through borrowing mechanisms to restore the platform wallet as soon as possible,” BigONE added.

The post BigONE Exchange Suffers Supply Chain Attack, Losses Exceed $27M appeared first on Cryptonews.